City of London banks have been on alert since confidential warnings of a major high-tech theft were issued in December.
The news emerged this week as police continued their investigation into an attempt by computer hackers to steal £220m from Japanese bank Sumitomo.
Alerts were circulated to banks last year through a confidential banking information exchange, which warned of attempts by criminals to plant key logging software in critical bank systems.
A second alert in January warned that banks should be on the lookout for hardware key loggers, which could be covertly inserted into desktop PCs to record passwords used for money transfers, said banking industry sources.
The National Hi-Tech Crime Unit and the City of London Police have been investigating the discovery of key logging software on Sumitomo's systems since October.
Another UK bank discovered that 80 of its Swift money transfer terminals had been fitted with hardware key loggers in December, according to reports.
The attacks bear all the hallmarks of an inside job rather than an external hacking attempt, said security and banking experts this week.
"The most likely scenario is to have someone on the inside who gets a job in IT support, and to have that person go to the desktop, disable the anti-virus, install the key logger and re-enable the anti-virus," said Neil Barrett, an independent security consultant. He added that it is difficult to get key loggers through firewalls.
Banks have been aware of the risk posed by key loggers for several years, a senior security specialist at one large bank told Computer Weekly.
"Software key loggers are relatively easy to counter with anti-virus and anti-spyware products. Zero-day attacks tend to be picked up by anti-virus companies quite quickly," he said.
Banks have also taken steps to alert staff to the dangers of hardware key loggers, the specialist revealed.
"We have done a lot of education. We have bought key loggers off the internet, taken photographs of them and made awareness packs. We have trained our security people to know what they are looking for and we do regular checks on cables."
Using CCTV to monitor computer systems for after-hours tampering is another important countermeasure, he said.
John Meakin, group head of information security at Standard Chartered Bank, said banks often deployed push technology to ensure desktop systems are regularly reconfigured to their original settings, reducing the scope for tampering by staff.
Both Sumitomo and the National Hi-Tech Crime Unit have declined to comment on the investigation.